CVE Catalog

CVE-2026-4096

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

IBM DevOps Plan versions 3.0.0 through 3.0.6 is vulnerable to HTTP header injection due to improper validation of input in the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning, or session hijacking.

Risk Assessment

This vulnerability poses a risk to organizations by allowing attackers to carry out serious attacks that could lead to data theft or compromise of system integrity.

Recommendation

It is recommended to update IBM DevOps Plan to the latest version to mitigate this vulnerability and implement additional security measures such as proper validation of HTTP headers.

Original NVD description (English source)

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking

Vulnerability data from NVD (NIST) · CISA KEV · EPSS